Cybersecurity Engineer – Identity Governance & Administration (IGA)

About The Position

Requirements

• Bachelor’s degree and five years of experience in systems engineering or administration or an equivalent combination of education and work experience
• In-depth knowledge in applied enterprise information security technologies including but not limited to firewalls, intrusion detection/prevention systems, network operating systems, identity management, database activity monitoring, encryption, content filtering, and Mainframe security
• Previous experience in planning and managing IT projects

Nice To Haves

• Bachelor’s degree and six years of experience or an equivalent combination of education and work experience
• Banking or financial services experience
• Certifications: CIAM, CISM, CISSP, Security+, Azure/AWS identity certs, or vendor‑specific IGA certifications.
• Background in enterprise directory services (Azure AD/Entra ID, AD DS).
• Experience with large-scale enterprise application portfolios.
• Excellent analytical and problem-solving skills
• Strong documentation and communication abilities
• Attention to detail and security risk awareness
• Collaborative mindset

Responsibilities

• Application Onboarding & Integration Support the end‑to‑end onboarding of applications into the enterprise IGA platform (e.g., SailPoint, Saviynt, Omada).
• Conduct intake assessments to determine integration requirements such as access models, connectors, roles, and entitlements.
• Collaborate with application owners to define access workflows, provisioning methods (API, SCIM, JDBC, AD groups, etc.), and approval paths.
• Develop and maintain integration documentation and technical specifications.
• Federation & MFA Enablement Work with IAM engineering teams to establish federation using SAML, OAuth, OIDC, or WS‑Fed.
• Ensure the correct MFA policies are applied based on application sensitivity, user type, and organizational standards.
• Validate that authentication flows follow Zero Trust principles and align with enterprise identity architecture.
• Troubleshoot authentication, token, and SSO issues during onboarding or post-deployment.
• Separation of Duties (SoD) & Policy Enforcement Implement and enforce SoD controls by aligning application entitlements to governance policies.
• Conduct detailed SoD risk analysis for new applications to identify conflicts and propose remediation.
• Collaborate with internal audit and compliance to maintain SoD rule sets and support audit findings.
• Ensure access roles and entitlements are structured to prevent toxic combinations of privileges.
• Identity Lifecycle & Governance Support Assist in maintaining identity data quality, entitlement hygiene, and governance standards.
• Monitor the health, performance, and accuracy of application connectors.
• Security, Compliance & Risk Management Ensure onboarded applications meet enterprise security baselines, MFA requirements, and identity governance policies.
• Support compliance initiatives such as SOX, PCI, HIPAA, or internal audit reviews.
• Contribute to risk assessments for new and existing application integrations.
• Document and remediate gaps in access controls, authentication flows, or identity governance processes.

Benefits

• All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position.
• Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates.
• Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays.
• Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan.